Renewing sendmail.pem, and other self-signed certs
Philip Prindeville
philipp_subx at redfish-solutions.com
Sun Oct 28 20:50:30 UTC 2012
I have an original sendmail.pem that was generated with /etc/pki/tls/certs/make-dummy-cert (which is similar to /etc/pki/tls/certs/Makefile), but it's now expired.
I tried to use the script below to extract the key, subject, and serial #, and generate a new cert based on the same, but for whatever reason Thunderbird balks at it with:
Oct 27 16:59:26 mail sendmail[6025]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, relay=macbook.redfish-solutions.com [192.168.1.17]
Oct 27 16:59:26 mail sendmail[6025]: STARTTLS=server: 6025:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1195:SSL alert number 42
Oct 27 16:59:26 mail sendmail[6025]: q9RMxQX8006025: macbook.redfish-solutions.com [192.168.1.17] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
What am I missing? And should that makefile have a:
%.repem: %.pem
dummy target that updates a cert? Or do we need a update-dummy-cert script additionally?
Here's the script that I used to update the cert.
Thanks,
-Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: repem.sh
Type: application/x-sh
Size: 783 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20121028/8207029c/attachment.sh>
More information about the users
mailing list